4 matches found
WordPress Contact Form Builder by vcita Plugin <= 4.10.2 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Builder by vcita Type Plugin Vulnerable versions = 4.10.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2300 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3b4b71b799e4 Credits Jonas...
CVE-2023-2300
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editposts...
CVE-2023-2300 Contact Form Builder by vcita <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editposts...
CVE-2023-2300
CVE-2023-2300 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Contact Form Builder by vcita (≤ 4.9.1). The issue arises from insufficient input sanitization and output escaping of the email parameter, allowing an authenticated attacker with edit_posts capabilit...